Process flow: Applying the key information to a user account for a device
- A BlackBerry® device user installs the BlackBerry® Pushcast™ Player or accepts a registration request from a new content provider.
BlackBerry Pushcast Player generates a
2048-bit RSA® key pair and sends a web services message to the
BlackBerry® Pushcast™ Software.
The web services message contains the public key that the BlackBerry Pushcast Software uses to authenticate the BlackBerry device user. The BlackBerry Pushcast Player sends a web services message over an HTTPS connection.
- The BlackBerry Pushcast Software sends a random string that is encrypted using the device public key in an email message to the user's inbox to determine whether the device is associated with the user account. If the device is associated with the user account, the device can decrypt the email message.
- The device decrypts the random string.
- The device signs the random string using a private key and sends it to the BlackBerry Pushcast Software in a web services message.
- The BlackBerry Pushcast Software checks the web services message to determine which device it was sent from by locating the random string that the web services created for the user account and verifying the digital signature.
- If the digital signature is not valid, the BlackBerry Pushcast Software rejects the request. If the digital string is valid, the BlackBerry Pushcast Software applies the key information to the user account. All subsequent email messages and web services messages that the BlackBerry Pushcast Player sends to the BlackBerry Pushcast Software must be digitally signed using the private key that the BlackBerry Pushcast Player generated in step 2.
- The BlackBerry Pushcast Player user accesses content in the BlackBerry Pushcast Player.